Victorootnice

**Name of the Vulnerable Software and Affected Versions** vnotex vnote versions up to 3.17.0 **Description** A vulnerability has been found in the Markdown File Handler component, which can be exploited to lead to cross-site scripting. The manipulation with the input `<xss onclick="alert(1)" style=display:block>Click here</xss>` can be used to launch a remote attack. The exploit has been disclosed to the public. **Recommendations** For versions up to 3.17.0, consider disabling the Markdown File Handler component until a patch is available. Restrict access to potentially vulnerable markdown files to minimize the risk of exploitation. Avoid using the `onclick` attribute in markdown files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.